During security research in April 2019, I have discovered that the common OLED SSD1306-like displays used in many cryptocurrency hardware wallets and other embedded devices are leaking information about the display contents towards the USB interface from which the device is powered.
This represents an interesting side channel that had so far not been discovered by other vendors and researchers.
I’m a freelance Security Consultant and currently available for new projects.
If you are looking for assistance to secure your projects or organization, contact me.
Illuminating the OLED pixels takes a comparably large amount of current per pixel and this type of display illuminates pixels on a line-by-line basis. As a result, there is a strong electrical side channel for the display contents through the current fluctuations on the USB power line that can be measured without hardware modifications to the device itself.
Here is a graphical representation of the effect on an unmodified KeepKey, traced over 2½ display cycles:
The side channel is relevant since the security design of this class of devices is built to some degree on the assumption that the display contents are readable by the user, but unreadable to other involved electronics. If this confidentiality assumption does not hold in practice, there is the possibility that malicious equipment is able to recover significant portions of PIN codes or BIP39 mnemonic words.
I will present more details and attack scenario considerations via additions to this post and later articles.
Power analysis shows this correlation on the BIP39 secret word display of the Trezor One.
weird (yellow) vs. cram (orange):
weird (yellow) vs. zoo (orange):
century (yellow) vs. cram (orange):
From April to August 2019, I’ve analyzed a number of devices for their susceptibility to this attack and responsibly disclosed the issue to the affected vendors. Coordinating the disclosure of a hardware vulnerability among multiple competing vendors is not a straightforward process and there were a number of challenges along the way. I may write about them at some point in the future.
I initially requested a CVE ID from MITRE in July.